ffmpeg-4 (SUSE:Linux Enterprise Server 15 SP4-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15 SP4-LTSS package ffmpeg-4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (30)
CVE-2024-35368 — CVSS 9.8 (critical): FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVE-2024-35366 — CVSS 9.1 (critical): FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When…
CVE-2023-49502 — CVSS 8.8 (high): Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the…
CVE-2025-59728: When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the…
CVE-2023-51794 — CVSS 7.8 (high): Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the…
CVE-2023-50010 — CVSS 7.8 (high): FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id…
CVE-2023-51793 — CVSS 7.8 (high): Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the…
CVE-2024-31578 — CVSS 7.5 (high): FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2026-30997 — CVSS 7.5 (high): An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of…
CVE-2025-63757 — CVSS 7.5 (high): Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
CVE-2025-9951: A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause…
CVE-2020-22037 — CVSS 6.5 (medium): A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2025-22921 — CVSS 6.5 (medium): FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
CVE-2025-22919 — CVSS 6.5 (medium): A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a…
CVE-2020-22021 — CVSS 6.5 (medium): Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user…
CVE-2024-7055 — CVSS 6.3 (medium): A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the…
CVE-2025-1594 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the…
CVE-2024-36613 — CVSS 6.2 (medium): FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in…
CVE-2024-36618 — CVSS 6.2 (medium): FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting…
CVE-2023-48368 — CVSS 5.9 (medium): Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of…
CVE-2025-7700 — CVSS 5.3 (medium): A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the…
CVE-2025-0518 — CVSS 5.3 (medium): Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability…
CVE-2025-10256 — CVSS 5.3 (medium): A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on…
CVE-2025-25473 — CVSS 5.3 (medium): FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.
CVE-2026-40962 — CVSS 4.9 (medium): FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to…
CVE-2023-45221 — CVSS 4.8 (medium): Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of…
CVE-2023-6601 — CVSS 4.7 (medium): A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary…
CVE-2023-47282 — CVSS 3.9 (low): Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated…
CVE-2023-22656 — CVSS 3.9 (low): Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to…
CVE-2023-47169 — CVSS 3.3 (low): Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of…